
DevSecOps Bootcamp - Week 6 - Lesson 1

Bootcamp for week 6

DevSecOps

July 01, 2016
Transcript

  1. Slide 1: BUILDING RUGGED SOFTWARE / YEAR ONE / WEEK SIX / LESSON ONE
     Copyright © DevSecOps Foundation 2015-2016
  2. Slide 2: Week 6 Offensive Security. Agenda:
     • Thinking Outside the Box
     • Web Application Vulnerability Chaining
     • Lab 1: Web App Vuln Chaining
     • Lateral Movement
     • Metasploit Intro
     • AWS Account Takeover (ATO)
     • ATO Lab
  3. Slide 3: Thinking Like an Attacker
     • Attacking the weak link (humans)
     • Redefine the perimeter
     • High value target $$$
     • Most value for least effort
     • Persistence
     • Obfuscation
  4. Slide 4: Attack Vectors
     • Phishing
     • Network
     • Malware
     • Application
     • Web Application
     • Mobile
     • Wireless MITM
  5. Slide 5: Web Application Exploit Chaining
     • Sometimes one vuln is not good enough
     • Chaining exploits together improves both the likelihood of occurrence and the impact of successful exploitation
     • This is called “vulnerability weaponization”
     • You have to be able to “think outside the box” and be a little sadistic
     Example of an unvalidated redirect: http://example.com/redirect.php?url=http://evil.attacker.com
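The slide's example URL is a textbook unvalidated redirect, the first link in the chain shown on the next slide. As an added example (not part of the bootcamp material), here is the server-side check that breaks that link: the `url` parameter is accepted only if it is a site-relative path or points at an assumed allowlist of the application's own hosts, with the usual bypasses (protocol-relative `//host`, backslash variants, `user@host` confusion, non-http schemes) rejected.

```python
from urllib.parse import urlsplit

# Assumed allowlist of hosts this application may redirect to (not from the slides).
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def is_safe_redirect(target: str, allowed_hosts: set[str] = ALLOWED_HOSTS) -> bool:
    """Return True only if `target` keeps the user on an allowlisted host."""
    if not target or any(c in target for c in "\r\n\x00"):
        return False  # empty, header-injection or null-byte input
    # Browsers treat backslashes like slashes ("/\evil.com" becomes "//evil.com"),
    # so normalise before parsing to avoid a parser/browser mismatch.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, etc.
    if parts.netloc:
        # Absolute or protocol-relative URL: the parsed hostname (not the raw
        # netloc, which may carry "trusted@evil.com") must be allowlisted.
        return (parts.hostname or "").lower() in allowed_hosts
    # No authority component: accept only a site-relative path with a single
    # leading slash. Checking the full string also rejects "http:evil.com",
    # which browsers would otherwise parse as an absolute URL.
    return normalised.startswith("/") and not normalised.startswith("//")


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """What redirect.php should send in the Location header for `target`."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed inputs: the slide's payload plus common evasions and two valid targets.
    for candidate in ("http://evil.attacker.com", "//evil.attacker.com",
                      "/\\evil.attacker.com", "https://example.com@evil.attacker.com/",
                      "javascript:alert(1)", "/account/settings?tab=1",
                      "https://www.example.com/login"):
        print(f"{candidate!r:50} -> Location: {safe_redirect_target(candidate)}")
```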
  6. Slide 6: Exploit Chaining Example #1
     Unvalidated redirect + 0-day browser plugin exploit == Malware drop on victim’s PC
     + OS priv escalation exploit == Hostile PC takeover and/or foothold into internal network
     • If attack is targeted, the goal will be the latter (foothold)
     • If attack is non-targeted, the goal will be the former (ransomware)
  7. Slide 7: Exploit Chaining Example #2
     Persistent XSS vuln on commonly frequented site + CSRF vulnerability in victim’s broadband router’s “mgmt web app”
     == Router take-over and/or foothold into internal network
     • If attack is targeted, goal will be the latter (foothold)
     • If attack is non-targeted, goal will be the former (use router for DDoS)
  8. Slide 8: Exploit Chaining Example #3
     Unvalidated Redirect + XSS (exploiting Broken Session Mgmt and/or Sensitive Data Exposure vulns) + more Broken Session Mgmt
     == Successful Account Hijack bypassing MFA protection